The security of public key cryptography relies on computers not being able to generate anywhere near $2^{256}$ guesses per any reasonable time length. The obvious implications of a computer this powerful would be that Bitcoin and all other cryptocurrencies would be hacked immediately. But what other less obvious destruction could a computer with this capability provide? What would immediately tumble if the power of this computer were directed at it?

Do they bring 8 billion of them and hand 'em out for free to everyone, or do they bring 1 and drop it off at Fort Meade? (I know you're thinking somewhere in between, but where in between? If they give us the schematics but only a handful of companies can build them, and the biggest / most-oppressive governments can lean on those companies, the answer will be different from "anyone can build it in their backyard with a hammer and a couple screws.")
– drewbenn Sep 2 '16 at 6:05

@Jeff: generally speaking with the crypto primitives we use, God can make a rock so heavy that He can't lift it. So if everyone has an alien computer then the playing field is back to normal, attacker has a huge advantage over defender, and you just choose "big enough" keys, hash algorithms, etc. Might take a while to update protocols of course. I think actually that it's not even necessary for everyone to have alien computers, and that current PCs have the clock cycles to use "big enough" keys already. High-traffic secure websites would need more hardware, though.
– Steve Jessop Sep 2 '16 at 8:27

RFID and the like might be in trouble, mind. I don't know how much power and CPU cycles they have to spare at the moment. And you might want a bigger battery on your phone. Maybe the main effect of this alien computer, given enough time for the dust to settle and protocols to be enhanced, will be mass suicide of Apple designers because they have to put several mm back on the thickness of their devices ;-)
– Steve Jessop Sep 2 '16 at 10:54

Careful! With a computer capable of performing enough calculations per second (At one point I estimated between 10^101 and 10^303 ops/second) you can actually simulate the entire universe, rendering the whole question of decryption moot.
– Michael Sep 2 '16 at 17:33

18 Answers
18

The destructive power of this device would be immense. If you defeated the safeguards on it, it would become the single most powerful bomb ever envisioned.

Doing irreversible calculations, as described here, takes energy. It turns out there's a bare-bones minimum amount of energy required to set 1 bit, based on the entropic content of that data and the temperature. A computer doing irreversible operations will naturally warm up to the temperature of its heatsink, and the coldest heat sink we can get is 3K, the temperature of the background radiation of the universe. You can try to cool it lower than that, but you end up burning more energy than you save.

As a result, there's a minimum of $2.87 \times 10^{-23}$ J/bit of energy wasted every time we flip a bit in an irreversible computer. If we had a reversible computer, this limit would not apply, but in the case of reversible computing, number of calculations is not the unit of measure, so they would not apply to your question.

It turns out that just to run a counter from 0 to $2^{256}$ takes a lot of energy.* A lot of energy. In fact, using that bare bones minimum energy per bit-flip, it will consume 3/4 of the energy in the known galaxy. That's just to run the counter, not even doing any calculations.

So, given a device with 3/4 of the energy of a galaxy, I think we'd want to respect its integrity. The destructive power of this computer would be unimaginable if it were simply disassembled and turned back into usable energy.

* As pointed out in the comments, counting like this is a reversible operation. In this case, I am assuming the counter is implemented using irreversible logic like those we find in a modern ALU. This counter is my surrogate for the general purpose calculations that we could have been doing, such as calculating SHA-1 checksums. This operation is within a factor of a thousand of the most trivial irreversible operation possible (erasure of an unknown bit)

"If you defeated the safeguards on it, it would become the single most powerful bomb ever envisioned." - I did some back-of-the-envelope calculations, and it would take a fraction of a second for the energy used to have enough mass to create a black hole larger than the Earth. So the safeguards would have to include very powerful antigravity tech.
– Rob Watts Sep 2 '16 at 17:03

@Joshua The question does say that the aliens "import" this computer. It doesn't fully define what "import" actually means. If the computer indeed followed the laws I used in my answer, "import" might not mean "brought to earth" as much as "parked in orbit around the Large Magellanic Cloud." That would be a much safer distance for a galaxy devouring computer, don't you think? =)
– Cort Ammon Sep 2 '16 at 17:41

Question does not have hard-science or even science-based tags, so I believe this answer totally misses what the question is asking. The processing power of the computer is given, so add any technology which makes it possible (for example, doing calculations in a self-energized pocket universe optimized for the purpose, just sending program and data in, and getting results out).
– hyde Sep 2 '16 at 19:33

@hyde I felt the science based answer gave useful insight. If you assume magic instead of science, the answer is a lot more boring. The transient cases are all dependent on the exact implementation of the interface and how many computers the aliens bring and how much we know about them. The steady state case is "nobody cares, because we just bump it up to 512-bit encryption and win the arms race." Far less entertaining.
– Cort Ammon Sep 2 '16 at 20:48

As far as decryption is concerned: The encryption systems currently in use are using key sizes that make it absolutely impossible to crack them using known technology. These key sizes would be cracked if you had 2^256 operations per second available. So what would you do? Increase the key size. RSA with 1024 bit keys is close to uncrackable today. Not completely out there, but very hard. RSA with 4096 bit keys would be uncrackable by the alien computer.

It would be a bit harder to use with our native hardware, but not that hard. The same with symmetric keys; you would have to rearrange your algorithms a bit, but use a 512 bit key where today 256 bits are considered total overkill, and you are fine.

4,096-bit RSA only gets you an approximate 109-142 bits work factor, depending on which authority you subscribe to. Give keylength.com a try (you want factoring modulus size for RSA). Now, there is no direct equivalence between work factor and time required, but it is good enough to be useful. So to a first order approximation, 4,096-bit RSA, against an adversary capable of 2^256 calculations per second, might hold up for a few seconds, but I can't see it faring better. Remember, as you say we can envision key recovery attacks on 1,024-bit RSA, but not even 128-bit AES.
– a CVn♦ Sep 4 '16 at 19:49
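An added example (not part of the answer or comment above) that puts rough numbers on the key-size discussion: it estimates log2 of the attack work for RSA with the heuristic GNFS running-time expression, dropping the o(1) term, and for symmetric keys by exhaustive search, then compares both to a rate of 2^256 operations per second. The function names, the uncalibrated GNFS estimate (which does not reproduce keylength.com's calibrated figures) and the cubic cost scaling for the key holder are assumptions of this sketch.

```python
import math

# Premise taken from the question: the machine performs 2^256 operations per second.
ALIEN_RATE_BITS = 256
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of the heuristic GNFS cost exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),
    c = (64/9)^(1/3). Assumption: the o(1) term is dropped, so this is an
    uncalibrated order-of-magnitude estimate, not a standards-body figure."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)


def symmetric_work_bits(key_bits: int) -> float:
    """Exhaustive key search tries half the keyspace on average."""
    return key_bits - 1


def log2_seconds_to_break(work_bits: float, rate_bits: float = ALIEN_RATE_BITS) -> float:
    """log2 of the seconds needed; negative means well under one second."""
    return work_bits - rate_bits


def target_work_bits(years: float, rate_bits: float = ALIEN_RATE_BITS) -> float:
    """Work factor (in bits) that keeps the machine busy for `years` years."""
    return rate_bits + math.log2(years * SECONDS_PER_YEAR)


def min_rsa_bits_for(work_bits: float, step: int = 256) -> int:
    """Smallest modulus size (multiple of `step`) whose estimate reaches work_bits."""
    bits = step
    while gnfs_work_bits(bits) < work_bits:
        bits += step
    return bits


def relative_private_op_cost(modulus_bits: int, baseline_bits: int = 2048) -> float:
    """Assumption: private-key operations scale roughly with the cube of the
    modulus size (schoolbook arithmetic); this is the key holder's cost."""
    return (modulus_bits / baseline_bits) ** 3


def report():
    """Rows of (label, work factor in bits, log2 seconds at 2^256 ops/s)."""
    rows = []
    for bits in (1024, 2048, 4096, 16384):
        work = gnfs_work_bits(bits)
        rows.append((f"RSA-{bits}", work, log2_seconds_to_break(work)))
    for bits in (128, 256, 512):
        work = symmetric_work_bits(bits)
        rows.append((f"symmetric-{bits}", work, log2_seconds_to_break(work)))
    return rows


if __name__ == "__main__":
    for label, work, secs in report():
        print(f"{label:>14}: ~2^{work:6.1f} operations, ~2^{secs:7.1f} seconds")
    goal = target_work_bits(1e9)  # hold out for a billion years
    needed = min_rsa_bits_for(goal)
    print(f"work factor for 1e9 years: ~2^{goal:.1f}")
    print(f"RSA modulus needed under this estimate: {needed} bits, "
          f"~{relative_private_op_cost(needed):.0f}x the private-key cost of RSA-2048")
```

Under this estimate the attacker's work grows sub-exponentially in the RSA modulus size, which is why the modulus has to grow much faster than a symmetric key does to gain the same margin.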

It would make most of our current encryption systems obsolete.
However, it would also make new systems possible. These new systems will be unbreakable until the next set of aliens arrive.

Net result: Many old secrets will be revealed. But new secrets would still be secret.

There will be a transition period before we adjust. History shows us that criminals adjust faster than business and law enforcement. That could be chaotic, for a while. But then things will settle down.

Passwords will become a thing of the past. Any password a human can remember, these computers can break.

I think biometric recognition would have to replace it. Today that doesn't work too well, but with better computers we can do a better job of it. You might have to both look into a camera and speak into a microphone to identify yourself. Maybe other sensors can be used too, like smell sensors, signature recognition (with writing speed and pen pressure added to the data). With enough computing power, the possibilities are endless.

However, one thing is certain. Computer programs will be written that are complex enough that even these computers will seem slow to their users.

No, it will make asymmetric encryption obsolete. It will do nothing to symmetric encryption, and a 10-letter password will still be as weak/strong as before. It's very nice that such a computer could try so many passwords in a second, but that's quite irrelevant when it will spend years waiting for the I/O :)
– Luaan Sep 2 '16 at 11:55

... and biometrics are not a panacea. A password that can never be changed and that you are constantly expressing in public is quickly useless.
– Eric Towers Sep 2 '16 at 13:04

Biometrics are poor security, as @EricTowers rightly points out. Worse is when your biometrics do change, and you can't get into your stuff any more. Voice authorization when you have a cold? Fingerprint scan after you burn your finger? Breath analyzer after you eat some really hot curry? "I'm sorry, Dave, I'm afraid I can't do that."
– Martin Carney Sep 2 '16 at 19:11

@MartinCarney Even worse than that, Biometrics are terrible for encryption since they are so "fuzzy". They are sort of passable for authentication, but not as keys/passwords for encryption. This is why iphones can't be unlocked with a fingerprint after reboot: security.stackexchange.com/a/134393/20035
– Patrick M Sep 3 '16 at 4:48

This will not make asymmetric encryption obsolete. The computer is fast but still polynomially bound. Increasing the key size for future encryption would be sufficient.
– Keelan Sep 3 '16 at 10:12

I'm not sure we would even understand the limits on what this computer could do.

However, I know one thing it would not be able to do quickly: simulate a monkey typing out a copy of Shakespeare's Hamlet by random typing. As remarked in Wikipedia:

However, for physically meaningful numbers of monkeys typing for
physically meaningful lengths of time the results are reversed. If
there were as many monkeys as there are atoms in the observable
universe typing extremely fast for trillions of times the life of the
universe, the probability of the monkeys replicating even a single
page of Shakespeare is unfathomably minute,

People rarely have an intuitive understanding of the difference between really big numbers and the infinite. $2^{256}$ is a really big number (OK, not so much when compared to say Graham's Number). But infinity is completely different.

The reason for the comparison to the infinite is that this example is often phrased in terms of an infinite number of monkeys. With infinite monkeys you get Hamlet, Macbeth, etc. including translations into every language, as well as everything else that can be typed in the time it takes to type it in without mistakes.

Really big as in 26^130000 for Shakespeare is so far beyond 2^256 that the computer will not dent the problem before the heat death of the universe. There are many computer algorithms that act more like the Shakespeare problem in terms of needed computation time than you might expect intuitively. Just because an algorithm is known, does not always make the problem solvable.

Seems like a bit of a nonanswer to me. Also seems like the answer conflates a lay person's inability to contemplate a trillion monkeys with a mathematician, cryptographer, or physicist's ability to compare large numbers or determine the significance of such a number. Which begs the question IMO.
– djechlin Sep 2 '16 at 6:23

@djechlin I think he's trying to say that trying every possible combination to unencrypt something could take longer than a second for this device, so its high computational power is not capable of infinite wonders
– Sarfaraaz Sep 2 '16 at 11:50

Also, this has nothing to do with infinity: 26^130,000 is still not infinity.
– Keelan Sep 3 '16 at 10:08

The concept of infinity has nothing to do with the question that was asked.
– Frostfyre Sep 3 '16 at 13:00

One monkey for each atom in the universe seems like too low a number of monkeys. What if you had one monkey for each Planck Volume that fits within the volume of the observable universe? That should yield a much more satisfactory number of monkeys.
– aroth Sep 5 '16 at 13:53

Most of the existing answers are completely ignoring physics. Assuming you want to compute anything, you need data, and the Bekenstein bound puts a lower bound on the physical size of the device that has any hope of representing a given amount of data. Combined with whatever size you get, the speed of light then gives an upper bound on propagation of data within the system. $2^{256}$ is such a huge number that even if your data size were just a few bits, you could not reach anywhere near that computation speed. So your computer simply does not exist.

There's no hard-science tag. Coming up with plausible ways of such computer existing doesn't take much imagination (artificial pocket universe, or a way to locally alter our current "fundamental" constants, or just a boring alien solid black box with input and output, or...).
– hyde Sep 2 '16 at 19:51

Indeed. This would be a good answer to "how could a computer be designed such that it can perform 2^256 calculations per second?", but in this case, the OP posits that the computer exists and asks about the effects of such a computer on our world. That's not to say this is invalid or incorrect; just that it's an answer to a different question!
– a CVn♦ Sep 4 '16 at 19:54

New physics. Attempting a 2^256 calculation with terrestrial timescales and energies is utterly impossible. Cort Ammon's answer is spot on with what happens attempting it given trying to build the computer with current physical understanding.

Whatever befalls in the finding of such a computer to our current internet is nothing compared to the power that would be unlocked by dissecting it to learn the new physics and rip the secret out of it. I see no non-magical cases where a contained computer such as can be delivered to the earth that can do this does not unlock for us one of warp drive or time travel.

Practically: It would make any sort of super computer superfluous and it would break all and every encryption currently employed. It would NOT allow password guessing or breaking into a remote computer (not a mathematical problem - you can block access after x attempts and there is no way around this) but forget any sort of digital signature. Forget HTTPS.

"all and every encryption currently employed" -- although interestingly it wouldn't break all current crypto primitives in every way. A brute-force SHA-512 pre-image attack is still way out of its league. Given sufficient memory it could find SHA-512 collisions, though, so that's still not great since it's still a break. Not sure what that much memory would look like ;-)
– Steve Jessop Sep 2 '16 at 8:09

As emphasis: "It would make any sort of super computer superfluous" - this would also change quite some economic landscape. Those computers are EXPENSIVE. Renting on 10% of the computation time for that machine would likely handle all current supercomputers 100 times over... and that means business changes for a lot of companies involved.
– TomTom Sep 2 '16 at 11:17

It would mean that WPA2 wouldn't be safe anymore. Keys could be bruteforced in no time. Router manufacturers would be required to develop and deploy new, secure WiFi encryption schemes into their new models, and until their wide adoption (could take years), everyone and their dog would use their neighbours' WiFi.

If that is really the impact, I doubt adoption would take years.
– Keelan Sep 3 '16 at 10:10

@CamilStaps: This already happened once (more gradually), with WEP, but it's probably still not totally gone from every home use, even years after its encryption was broken wide open (~1 minute of traffic capture, and 3 seconds of CPU on a Pentium-M from 2005). Adoption by people who care about security wouldn't take as long this time, but "use your neighbour's wifi" is not a significant problem for most people. Still, there would be electronic break-ins at places with bad IT people.
– Peter Cordes Sep 4 '16 at 14:54

Security was much less in the spotlight back then.
– Keelan Sep 4 '16 at 14:56

@CamilStaps Yup, there were only all those leaked naughty photos and everything, nothing that would make people think about security. There was even a Microsoft paper that analyzed the cost-benefits of educating computer users in security - their conclusion was pretty clear; the investment is too big to pay for the losses. So they focused on making systems secure by default instead, which already helped a lot more than education ever did, even though there's still ways to go. The old-school security approach is kind of like the abstinence approach to sex ed :)
– Luaan Sep 6 '16 at 8:13

This would allow the aliens to simulate other possible Worlds, simulate life appearing, intelligent life forms appearing, and eventually a civilization appearing. They can then build a real world copy of that civilization for their own use.

A potential problem for us is then that the outcome of such a simulation might be that they happen to generate our civilization by chance. If they happen to generate a virtual copy of you and decide to copy you as well, you may wake up in an alien World instead of your own bed.

I think you mean "computational problem", not "mathematical problem". As a mathematician, let me tell you that no amount of brute force is going to solve most of today's math problems.
– user26495 Sep 2 '16 at 8:13

Take a look at the wikipedia page for Graham's number. 2^256 is infinitesimal compared to Graham's number. Also, there are problems that are undecidable, meaning that no finite amount of processing power could solve them (even if you could do Graham's number calculations per second).
– Rob Watts Sep 2 '16 at 16:47

So we strike out chess olympics, and leave old card games. I would say yheap, take it.
– MolbOrg Sep 4 '16 at 18:54

@NajibIdrissi In fact I would pose Riemann as a counter example. Just because you can find solutions to the Zeta function really quickly and be able to verify that they are in fact on the critical line, does not mean that you can say that ALL roots of the Zeta function lie on the critical line.
– Aron Sep 6 '16 at 4:49

In terms of cryptography it would indeed mean the end to all current forms of crypto and the mechanisms which rely on them (I've seen RSA, WPA2 and others mentioned in the other answers here but really all of our current algorithms rely on the same fundamental theory). However, we are already looking at post-quantum cryptography and designing theoretical algorithms to be 'quantum-hard', in anticipation of our research into quantum computers turning up serious results in the foreseeable future. A quantum computer would have a similar effect to one capable of vast numbers of computations as by nature it is able to check every value simultaneously (in theory - I believe the prototypes have to limit the range of possible states but the idea holds). It is believed to be possible to create an algorithm which doesn't rely on a computationally expensive problem (in current crypto, this being the basic mathematical problem of the generation of large primes).

I'm no mathematician but my field is IT security. If you're interested in how we might alter our systems to deal with an issue like this then check out the New Hope algorithm. You can find a paper about it here

"In terms of cryptography it would indeed mean the end to all current forms of crypto" Eh, no. You cannot brute-force a One-Time-Pad. Or, to be exact: you will be able to brute-force it with this contraption, but you would not know the true answer among all the false ones. Want me to prove it to you? Ok... here goes: the clear-text, the key and the cipher-text are unsigned 8-bit integers. The method of encryption and decryption is bit-wise exclusive OR (XOR) between the text and the key. The cipher-text is '0'. What is the content of the clear-text and the key?
– MichaelK Sep 2 '16 at 10:45

No you're right about that. But I believe one time pads are not practical in computing due to the difficulty of securely exchanging keys. I may have been more accurate to say "all digital crypto"
– Brae Sep 3 '16 at 9:29

This is incorrect. The computer is fast but still polynomially bound. Increasing the key size for future encryption would be sufficient.
– Keelan Sep 3 '16 at 10:09

Quantum computing does not significantly change the playing field for symmetric cryptography. Grover's algorithm can effectively halve the work factor for a key recovery attack for a given key length, but that just means that we need 256-bit keys for 128-bit effective security, or 512-bit keys for 256-bit effective security, which is quite manageable entirely beside the open question of whether a quantum computer large enough can be built. Shor's algorithm for integer factorization is a much bigger deal for public-key cryptography, and is mainly what "post-quantum cryptography" is about.
– a CVn♦ Sep 4 '16 at 20:00

@MichaelKjörling And of course, since we've known about the "thread" for quite some time, we do have algorithms that work well even against quantum computers. It's just that the cost isn't quite worth it yet - until we get quantum computers big and cheap enough, factorization-based asymmetric cryptography is here to stay. That might change in the next five years, or twenty, or half a decade; no point in wasting so much work switching everything before it's really necessary. Unless you're doing top-secret work, where you probably don't use asymmetric crypto in the first place :D
– Luaan Sep 6 '16 at 8:10

Connectapocalypse

We could now create a server to host mind diving and connect the whole human race to it via their spinal cord (sound familiar?)

Unlock human potential

That many calculations per second would only be beneficial on running multiple calculations at once like the brain. It could help us understand the brain if at least not emulate the brain.

Fast Unencryption through brute force

There are supposedly many black sites out there that have the encrypted form of passwords that were obtained through scrupulous means and having this machine would allow these black sites to get a likely password more re-actively instead of brute force attempting the password for months at a time. Usually it's quicker to run a few computed guesses based on other information such as the location the data was obtained from, when information was obtained, how much information there is etc.

Re "host mind diving" - Just because we have the processing power doesn't mean that we magically have the software.
– TLW Sep 2 '16 at 15:15

@TLW Or the hardware/interface for that matter.
– Patrick M Sep 3 '16 at 4:49

@PatrickM pretty sure we have the hardware. would just take an insane amount of ram and hard drives.
– Sarfaraaz Sep 5 '16 at 5:58

@PatrickM although now that i think about it you won't need that much since u always have the live copy of the human mind on hand and the PC can process it so u won't need that much HDD and ram just a very high bandwidth transfer medium. will probably have to connect several layers of circuits to the spinal cortex
– Sarfaraaz Sep 5 '16 at 11:50

@Sarfaraaz I wasn't talking about RAM or disk space since I was assuming absurd amounts of RAM came "free" with the faster computer. I meant that we don't currently have the hardware needed to make a copy of everything inside of the human brain, or to tap into the spine to totally simulate a virtual environment.
– Patrick M Sep 5 '16 at 15:58

Unfortunately 2^256 is a very big number; for all practical purposes it's close to infinite. Remember that 1 googol, 10^100, is literally more than everything, for example more than all photons and atoms in the observable universe. 2^256, or roughly 1e77, is almost nothing compared to a googol, but still close enough to be over the top. It is for example more than the number of atoms in the galaxy (perhaps 4e11 stars * 1e57 atoms/star). This makes the question less interesting than, say, 2^100 flops. But ok, let's suppose that we have essentially unlimited computing power, adequate storage with it and that it is 100% reliable:

Update: The first thing to note would be that it's likely that this computer would be a post-singularity super intelligence of its own. It will not only be alive but it will be the equivalent of a god to us; all speculation about it is futile because its ways will be unfathomable. Still, in human terms it'd be an interesting question what its motivation would be to talk to us or even help us, and in which ways it would choose to help us. These are similar questions as people around the world ask about their respective gods. I'm tempted to say that this machine is — next to the spaghetti monster — a candidate for the god of the SE crowd (except perhaps the Judaism SE), in as far as it is a surface for the projection of our speculations and hopes of redemption. (This paragraph was inspired by my Marvin quote in the comments section.)

The rest of the discussion is based on the however incongruent assumption that the computer will behave like a contemporary computer, just faster.

Not only cryptography but all computationally intensive tasks would be almost infinitely accelerated, if the device is (remotely) accessible to the general public.

Essentially all cloud storage will be transferred to this machine. The only reason to have local or regional computers is speed of access: akamai won't go out of business.

All simulations which today are performed on supercomputers or expensive work station clusters will be performed on it. The interesting thing is that with better simulations less true insight is necessary (take chess as an example).

Weather: One can simply brute-force simulate the whole atmosphere, by the molecule. Don't get me wrong -- weather is a chaotic system and simply is not deterministic. But forecasts will improve dramatically. I suppose that the computational complexity of weather forecasts is exponential; every doubling of the computing power may buy the forecasters perhaps 6 hours more prediction time. But we probably talk 20 or 40 or 80 doublings, depending on how much of the computing power we want to devote to weather forecasts.

Brain: A human brain apparently has < 10e11 neurons. We could not only brute-force simulate a brain but all brains. (I'm not sure whether we'll have consciousness; that may need some qualitative insights. But the progress will be immense.)

Physics: One could, for example, simply brute-force simulate a whole star; the sun has apparently only 1e57 atoms in it. Which gives you an idea of the size of the machine, by the way, if it has storage to match its computational power and each bit is an atom: as big as 1e20 suns, or 1e9 galaxies.

It is clear that the machine's capacity is sufficient to simulate all of the physical reality in our galaxy to a degree of precision (the atomic level) which will make it very close to the actual thing. My guess is that we would start uploading simulations of ourselves fairly soon (some decades or at most a couple hundred years). Elon Musk's simulacrum would run around in it and speculate about being in a simulation.--

That we'll be immediately able to have CGI look like real life is just a foot note; but one which will change the entertainment business and may have implications in the court room because true evidence could not be told from falsifications.

The OP said it was fast, not that it had a lot of storage.
– JDługosz Sep 5 '16 at 12:03

@JDługosz It seems a reasonable assumption. The OP didn't say it has only little storage either. The huge number of computations can logically only be achieved in parallel, thus necessitating adequate storage; if you try to perform 2^256 = 1e77 computations serially, and each one only takes the Planck time, it's still 1e33 seconds, which is 1e25 or so years, or many billion times the age of the universe. (Either way, 2^256 is too big, but still.)
– Peter A. Schneider Sep 5 '16 at 12:15

@JDługosz For all practical purposes, such a computer would be the universe, which is running perfectly concurrently.
– Peter A. Schneider Sep 5 '16 at 12:22

I was supposing it’s like a GP-GPU: more bark than byte. It might only have enough (fast) ram to set up the problem like checking AES, and in fact relying on functional programming concepts to avoid storing results per se. It can iterate on the same data using parallel universes or timelike curves, but doesn’t have storage on the same scale.
– JDługosz Sep 5 '16 at 14:27

so it doesn’t compute in parallel the way we understand it, with separate local registers for each unit; maybe use closed timelike curves to go sequential, or something beyond quantum computing but using superposition of states where one gets realized.
– JDługosz Sep 5 '16 at 14:31

Most secure systems have a 2 party login; your bank has a token, where you need the token and the password to get in. Every time the token changes so you have to make the right guess at the first try.

Let's say you could make a qualified guess with the right algorithm, you still would only have a limited amount of attempts before the account is closed down, because the intrusion countermeasures kick in.

Then the next step would be to try and kick in the door. Well, unless you are able to pick out the data and move it physically to your device, then the bandwidth of the unit stored on it (High end PCI harddrive makes about 250.000 operations per second) would make it a major slow down. Doing this over the internet would be even worse, assuming you had the bandwidth you would just make one HUGE DDOS attack on the world.

$\begingroup$"Every time the token changes so you have to make the right guess at the first try" -- although if you told this super-computer the pseudo-random algorithm used by the token-generator (often the algorithm is published to avoid security through obscurity), and let it observe some number of sequential outputs (because you've owned SSL/TLS), then it conceivably could crack the key and predict the next output (so you can log in). Depends on the size of the internal state used by the token generator, and I don't know what's typical.$\endgroup$
– Steve JessopSep 2 '16 at 8:14

1

... and of course in order to do anything to SSL you have to actually put yourself in the path of the communication. A really big computer doesn't much help achieve that. You need a screwdriver and access to an internet backbone, or you need to limit yourself to attacking people in the same coffee shop as you are.
– Steve Jessop Sep 2 '16 at 8:16

2

Bandwidth is irrelevant if you only have to make one "guess". My point is that for a typical token generator, and given this alien computing power, snooping enough past values via broken SSL lets you predict all future values because it's just a PRNG. Therefore you don't need to make lots of guesses against the server. It's a different attack from the one you're talking about. Basically, alien computing power turns "something you have" (the token generator) into "something you know" (the internal state of the token generator), so it's no longer 2-factor.
– Steve Jessop Sep 2 '16 at 10:40

1

No, my response is like saying, "this is what difference the alien computer makes, it enables an attack that otherwise doesn't exist". Or rather, it might enable it: I don't know the parameters of a typical token generator handed out by a bank.
– Steve Jessop Sep 2 '16 at 10:46

1

An adversary that can do a key recovery attack against a 128-bit to 256-bit cipher in on the order of seconds realistically has no need to go through the normal login page. They can just wait for you to initiate a session, and then quite likely fairly easily hijack it.
– a CVn♦ Sep 4 '16 at 20:04
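The comments above turn on how large the token generator's internal state is. As an added example (not part of the original thread), the sketch below assumes an HOTP-style token (RFC 4226, which requires a shared secret of at least 128 bits) and a constructed 16-bit toy secret with a known counter; it is not a claim about what any bank's token actually uses. It shows that a handful of observed codes pins down the secret, so the only protection is the 2^bits search cost.

```python
import hmac
import math
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value per RFC 4226 (HMAC-SHA1 plus dynamic truncation)."""
    mac = hmac.digest(secret, struct.pack(">Q", counter), "sha1")
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def codes_needed(state_bits: int, digits: int = 6) -> int:
    """Lower bound on observed codes needed to pin down the secret:
    each code reveals at most log2(10**digits) bits of it."""
    return math.ceil(state_bits / math.log2(10 ** digits))

def consistent_secrets(observed, first_counter, state_bits):
    """Exhaustive search for every secret of state_bits bits that
    reproduces all observed codes. Cost: 2**state_bits HMAC calls."""
    nbytes = (state_bits + 7) // 8
    hits = []
    for guess in range(2 ** state_bits):
        key = guess.to_bytes(nbytes, "big")
        if all(hotp(key, first_counter + i) == code
               for i, code in enumerate(observed)):
            hits.append(key)
    return hits

# Constructed toy token: 16-bit secret, counter known to the observer.
TOY_BITS = 16
toy_secret = (0xBEEF).to_bytes(2, "big")
seen = [hotp(toy_secret, c) for c in range(100, 103)]

def demo():
    """Recover the toy secret from three codes and predict the fourth."""
    found = consistent_secrets(seen, 100, TOY_BITS)
    return found, hotp(found[0], 103)

if __name__ == "__main__":
    found, next_code = demo()
    print("secrets consistent with 3 codes:", [k.hex() for k in found])
    print("predicted next code:", next_code)
    for bits in (16, 128, 160, 256):
        print(f"{bits}-bit secret: at least {codes_needed(bits)} codes, "
              f"2**{bits} HMACs to search")
```

The number of codes an observer needs grows only linearly with the secret size, while the search grows exponentially, so the defender's lever is the secret length rather than how often the code changes.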

This is incorrect. The computer is fast but still polynomially bound. Increasing the key size for future encryption would be sufficient.
– Keelan Sep 3 '16 at 10:10

It is true that RSA can overcome such strong computers. The problem is, though, that the currently used prime factors are not big enough to counter this computer. So initially you can break most encrypted messages. Once similar computers are used to create sufficient coding again, the damage is already done.
– Hans Janssen Sep 5 '16 at 8:19

No. It only takes polynomially more time to generate a larger key, but the effort needed to bruteforce it grows exponentially.
– Keelan Sep 5 '16 at 8:22

For this answer, I am assuming the aliens' tech makes us look like cavemen and discussion of the laws of physics is all moot because we don't understand anything.

If the computer was practical (similar to a regular PC), not the size of a galaxy, nor using a solar system worth of energy to power it.

If we could duplicate it, we could make it bigger, better, stronger, and defeat most encryption for a long time.

If it were general purpose enough like a PC, it would end all illness as the human genome would be fully sequenced instantly. All drugs would run all permutations basically instantly, and instead of trial and error we would just brute force every molecule combination against every genome of every illness.

If you could keep it a secret, you could get a large set of all the secrets and use them for good or evil. Blackmail people into whatever you want, or your secrets will be revealed.

As soon as people knew, all encryption would be increased by orders of magnitude, nullifying your advantage. 512 bits = 2^256 seconds to crack, not in many lifetimes. 256 bits to 1024 or 2048 or whatever. 4096 bits encryption to maybe 65536 bit encryption, and it is impossible to crack again. It will take several weeks for critical systems to be updated, but after that your device is worthless for this purpose. Login to all vulnerable systems would probably just be disabled until the new bit lengths were deployed. There are devices that won't be updated, and you can get their data until people buy version 2 of the product that is no longer vulnerable.

The additional bits will slow things down for a while, but the hardware will catch up and everything will be fine.

If the device is like one of our ASICs dedicated to only brute forcing passwords, it will quickly become useless, and all systems are updated to longer, more complex encryption.

But a lot of people talked about the physics challenges of a computer like this. People have already brought up that you would need antigravity to prevent the energy contained from destroying the planet, and that you would need a very good system for dealing with excess heat. I'd also like to explore for a moment the spatial requirements of a computer that can do 2^256 operations per second.

To my knowledge, the current most powerful supercomputer is Sunway TaihuLight, which can hit speeds around 100 PFLOPS (about 2^53 operations a second). That is probably a decent order-of-magnitude estimate for the maximum density of FLOPS that can be achieved by transistor-based computing.

For anything resembling transistor-based computation, a computer capable of 2^256 operations per second would be a lot bigger than the planet.

Even if you just gave humans a client to this massive computer and kept the actual computer somewhere up in space... Such a large computer would be unable to function. Because it would be so big that to send data from one part of the computer to another in a timely fashion, you'd need to send signals at speeds faster than the speed of light.

And you could only get the computer back to a manageable size by making something 2^203 times more compact than a transistor. For reference, a quark is only somewhere in the ballpark of 2^32 times smaller than a transistor.

Probably the only way to get around this is to use more than 3 dimensions of space to build your computer. That allows all of the bits to be closer together, so that data transfer is no longer impossible.

In N dimensions, for a computer made of transistors that are close enough to reasonably communicate data, we can estimate that its computing power would be very roughly (2^(cuberoot(53)))^N operations per second.

If we want that number to equal 2^256, N=14.4633, but since you can't exactly have a fraction of a dimension, we round up to 15.

So basically, you would want about 15 spatial dimensions to house a computer capable of 2^256 operations per second.

I figure it is probably hard to put an upper limit on the capabilities of any technology that can leverage 15 spatial dimensions.

Brute force any tech. Want some nanotech? Just tell this computer to simulate possibilities using an evolutionary algorithm (+ quantum theory) until perfect nanobots are developed. The computer could design almost any tech that fitted our understanding of physics in an instant.
